Skip to content
This repository has been archived by the owner on Jan 29, 2023. It is now read-only.

Client Algorithms

danopia edited this page Apr 15, 2013 · 13 revisions

OpenSSH

Client header: OpenSSH_6.0p1 Debian-3ubuntu1

{ kexAlgs: 
   [ 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521',
     'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1',
     'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1' ],
  hostKeyAlgs: 
   [ '[email protected]', '[email protected]',
     'ssh-rsa',
     '[email protected]',
     '[email protected]',
     '[email protected]',
     '[email protected]', '[email protected]',
     'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521',
     'ssh-dss' ],
  encAlgs: 
   [ 'aes128-ctr', 'aes192-ctr', 'aes256-ctr',
     'arcfour256', 'arcfour128',
     'aes128-cbc',
     '3des-cbc',
     'blowfish-cbc',
     'cast128-cbc',
     'aes192-cbc', 'aes256-cbc',
     'arcfour',
     '[email protected]' ],
  macAlgs: 
   [ 'hmac-md5',
     'hmac-sha1',
     '[email protected]',
     'hmac-sha2-256', 'hmac-sha2-256-96',
     'hmac-sha2-512', 'hmac-sha2-512-96',
     'hmac-ripemd160', '[email protected]',
     'hmac-sha1-96',
     'hmac-md5-96' ],
  cprAlgs: 
   [ 'none', '[email protected]', 'zlib',
     'none', '[email protected]', 'zlib' ] }

Putty

Client header: PuTTY_Release_0.62

{ kexAlgs: 
   [ 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1',
     'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1',
     'rsa2048-sha256', 'rsa1024-sha1' ],
  hostKeyAlgs: [ 'ssh-rsa', 'ssh-dss' ],
  encAlgs: 
   [ 'aes256-ctr', 'aes256-cbc',
     '[email protected]',
     'aes192-ctr', 'aes192-cbc',
     'aes128-ctr', 'aes128-cbc',
     'blowfish-ctr', 'blowfish-cbc',
     '3des-ctr', '3des-cbc',
     'arcfour256', 'arcfour128' ],
  macAlgs: 
   [ 'hmac-sha1', 'hmac-sha1-96', 'hmac-md5' ],
  cprAlgs: [ 'none', 'zlib' ] }

ConnectBot (Android)

Android IRC client, seems to use a pre-built library. Lacks SHA2.

Client header: TrileadSSH2Java_213

{ kexAlgs: 
   [ 'diffie-hellman-group-exchange-sha1',
     'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1' ],
  hostKeyAlgs: [ 'ssh-rsa', 'ssh-dss' ],
  encAlgs: 
   [ 'aes256-ctr', 'aes192-ctr', 'aes128-ctr',
     'blowfish-ctr',
     'aes256-cbc', 'aes192-cbc', 'aes128-cbc',
     'blowfish-cbc',
     '3des-ctr', '3des-cbc' ],
  macAlgs: 
   [ 'hmac-sha1-96', 'hmac-sha1', 'hmac-md5-96', 'hmac-md5' ],
  cprAlgs: [ 'none' ] }

Net::SSH (Ruby library)

Client header: Ruby/Net::SSH_2.5.2 x86_64-linux

{ kexAlgs: 
   [ 'diffie-hellman-group-exchange-sha1',
     'diffie-hellman-group1-sha1',
     'diffie-hellman-group14-sha1',
     'diffie-hellman-group-exchange-sha256',
     'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521' ],
  hostKeyAlgs: 
   [ 'ssh-rsa', 'ssh-dss',
     'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521' ],
  encAlgs: 
   [ 'aes128-cbc',
     '3des-cbc',
     'blowfish-cbc',
     'cast128-cbc',
     'aes192-cbc', 'aes256-cbc',
     '[email protected]',
     'idea-cbc',
     'none',
     'arcfour128', 'arcfour256', 'arcfour',
     'aes128-ctr', 'aes192-ctr', 'aes256-ctr',
     'camellia128-cbc', 'camellia192-cbc', 'camellia256-cbc',
     '[email protected]',
     '[email protected]',
     '[email protected]',
     'camellia128-ctr', 'camellia192-ctr', 'camellia256-ctr',
     '[email protected]',
     '[email protected]',
     '[email protected]',
     'cast128-ctr',
     'blowfish-ctr',
     '3des-ctr' ],
  macAlgs: 
   [ 'hmac-sha1', 'hmac-md5',
     'hmac-sha1-96', 'hmac-md5-96',
     'hmac-ripemd160', '[email protected]',
     'hmac-sha2-256', 'hmac-sha2-512',
     'hmac-sha2-256-96', 'hmac-sha2-512-96',
     'none' ],
  cprAlgs: 
   [ 'none', '[email protected]', 'zlib' ] }

Secure Shell (Google Chrome)

Appears to bundle an older OpenSSH.

Client header: OpenSSH_5.9

{ kexAlgs: 
   [ 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521',
     'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1',
     'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1' ],
  hostKeyAlgs: 
   [ '[email protected]', '[email protected]',
     'ssh-rsa',
     '[email protected]',
     '[email protected]',
     '[email protected]',
     '[email protected]', '[email protected]',
     'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521',
     'ssh-dss' ],
  encAlgs: 
   [ 'aes128-ctr', 'aes192-ctr', 'aes256-ctr',
     'arcfour256', 'arcfour128',
     'aes128-cbc',
     '3des-cbc',
     'blowfish-cbc',
     'cast128-cbc',
     'aes192-cbc', 'aes256-cbc',
     'arcfour',
     '[email protected]' ],
  macAlgs: 
   [ 'hmac-md5', 'hmac-sha1',
     '[email protected]',
     'hmac-sha2-256', 'hmac-sha2-256-96',
     'hmac-sha2-512', 'hmac-sha2-512-96',
     'hmac-ripemd160', '[email protected]',
     'hmac-sha1-96',
     'hmac-md5-96' ],
  cprAlgs: 
   [ '[email protected]', 'zlib', 'none' ] }

JuiceSSH (Android)

Appears to use another Java library. Also lacks SHA2.

Client header: JSCH-0.1.4

{ kexAlgs: 
   [ 'diffie-hellman-group1-sha1', 'diffie-hellman-group14-sha1',
     'diffie-hellman-group-exchange-sha1' ],
  hostKeyAlgs: [ 'ssh-rsa', 'ssh-dss' ],
  encAlgs: 
   [ 'aes128-ctr', 'aes128-cbc',
     '3des-ctr', '3des-cbc',
     'blowfish-cbc',
     'aes192-cbc', 'aes256-cbc' ],
  macAlgs: 
   [ 'hmac-md5', 'hmac-sha1', 'hmac-sha1-96', 'hmac-md5-96' ],
  cprAlgs: [ 'none' ] }

Ganymend (Java library)

Used by shady Android apps like "Telnet"

Client header: Ganymed Build_250

{ kexAlgs: 
   [ 'diffie-hellman-group-exchange-sha1',
     'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1' ],
  hostKeyAlgs: [ 'ssh-rsa', 'ssh-dss' ],
  encAlgs: 
   [ 'aes256-ctr', 'aes192-ctr', 'aes128-ctr',
     'blowfish-ctr',
     'aes256-cbc', 'aes192-cbc', 'aes128-cbc',
     'blowfish-cbc',
     '3des-ctr', '3des-cbc' ],
  macAlgs: 
   [ 'hmac-sha1-96', 'hmac-sha1', 'hmac-md5-96', 'hmac-md5' ],
  cprAlgs: [ 'none' ] }
Clone this wiki locally